nanog mailing list archives

Re: IPv6 deployment excuses

From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Tue, 5 Jul 2016 11:16:31 +0900

Baldur Norddahl wrote:

With end to end NAT, you can still configure your UPnP capable NAT
boxes to restrict port forwarding.

Only if you by NAT mean "home network NAT". No large ISP has or will deploy
a carrier NAT router that will respect UPnP.


A large ISP should just set up usual NAT. In addition, the ISP
tells its subscriber a global IP address, a private IP address
and a small range of port numbers the subscriber can use and
set up *static* bi-directional port forwarding.

If each subscriber is allocated 64 ports, effective address
space is 1000 times more than that of IPv4, which should be
large enough.

Then, if a subscriber want transparency, he can set up his
home router make use of the bi-directional port forwarding
and his host reverse translation by nested port forwarding.

That does not scale and is a
security nightmare besides.


It is merely because you think you must do it dynamically.

But, if you want to run a server at fixed IP address
and port, port forwarding must be static.

                                                Masataka Ohta

Current thread:

Re: IPv6 deployment excuses, (continued)
- - - Re: IPv6 deployment excuses Masataka Ohta (Jul 04)
    - Re: IPv6 deployment excuses Filip Hruska (Jul 04)
    - Re: IPv6 deployment excuses Masataka Ohta (Jul 04)
    - Re: IPv6 deployment excuses Baldur Norddahl (Jul 04)
    - IPv6 deployment excuses Ca By (Jul 04)
    - Re: IPv6 deployment excuses Baldur Norddahl (Jul 04)
    - Re: IPv6 deployment excuses Ca By (Jul 04)
    - Re: IPv6 deployment excuses Mikael Abrahamsson (Jul 04)
    - Re: IPv6 deployment excuses Baldur Norddahl (Jul 05)
    - Re: IPv6 deployment excuses Mikael Abrahamsson (Jul 05)
    - Re: IPv6 deployment excuses Masataka Ohta (Jul 04)
    - Re: IPv6 deployment excuses Spencer Ryan (Jul 04)
    - Re: IPv6 deployment excuses Valdis . Kletnieks (Jul 04)
    - Re: IPv6 deployment excuses Masataka Ohta (Jul 04)
    - Re: IPv6 deployment excuses Mike Hammett (Jul 05)
    - Re: IPv6 deployment excuses Jared Mauch (Jul 04)
    - Re: IPv6 deployment excuses Matt Hoppes (Jul 04)
    - Re: IPv6 deployment excuses Jared Mauch (Jul 04)
    - Re: IPv6 deployment excuses Masataka Ohta (Jul 04)
  - RE: IPv6 deployment excuses Gary Wardell (Jul 01)
    - Re: IPv6 deployment excuses Alarig Le Lay (Jul 01)

(Thread continues...)